A roles/srht/files/graphql.conf => roles/srht/files/graphql.conf +20 -0
@@ 0,0 1,20 @@
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+}
+
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
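Review bot: The snippet forwards only `Host`, `X-Forwarded-Proto` and `X-Forwarded-For` (lines 3-7 of the new file), while every `/query` block it replaces also sent `proxy_set_header X-Real-IP $remote_addr;`. If the backends read that header for logging or rate limiting (not visible here), they lose the client address; re-adding the line keeps the old behaviour. The same applies to srht_web.conf, whose five lines are identical to these. Replacing them here with `include /etc/nginx/snippets/srht_web.conf;` would keep the client-IP trust settings in one place.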
M roles/srht/files/nginx/builds.conf => roles/srht/files/nginx/builds.conf +6 -25
@@ 7,46 7,27 @@ server {
include /etc/nginx/snippets/https.conf;
server_name builds.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'" always;
-
client_max_body_size 100M;
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5002;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/buildsrht;
+ root /usr/lib/$python/site-packages/buildsrht;
expires 30d;
}
location /query {
proxy_pass http://127.0.0.1:5102;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain;
- charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ include /etc/nginx/snippets/graphql.conf;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
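Review bot: Moving the `Content-Security-Policy` header from the `server` block into `location /` means `/static` and `= /robots.txt` no longer send it. nginx applies `add_header` from an outer level only when the current level defines none, and those two locations previously inherited the server-level line. For the same reason `location /` now stops inheriting any `add_header` that https.conf sets at server level (its contents are not visible here, so check for HSTS or similar). Keeping the CSP line directly under `server_name` would preserve the previous coverage. The same move is made in git.conf, hub.conf, lists.conf, man.conf, meta.conf, paste.conf and todo.conf.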
M roles/srht/files/nginx/git.conf => roles/srht/files/nginx/git.conf +6 -29
@@ 7,23 7,18 @@ server {
include /etc/nginx/snippets/https.conf;
server_name git.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
-
client_max_body_size 100M;
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5001;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/gitsrht;
+ root /usr/lib/$python/site-packages/gitsrht;
expires 30d;
}
@@ 48,28 43,10 @@ server {
location /query {
proxy_pass http://127.0.0.1:5101;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain;
- charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ include /etc/nginx/snippets/graphql.conf;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
M roles/srht/files/nginx/hub.conf => roles/srht/files/nginx/hub.conf +5 -10
@@ 7,25 7,20 @@ server {
include /etc/nginx/snippets/https.conf;
server_name hub.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
-
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5014;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/hubsrht;
+ root /usr/lib/$python/site-packages/hubsrht;
expires 30d;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
M roles/srht/files/nginx/lists.conf => roles/srht/files/nginx/lists.conf +6 -29
@@ 7,48 7,25 @@ server {
include /etc/nginx/snippets/https.conf;
server_name lists.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'" always;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'";
-
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5006;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'";
+ include /etc/nginx/snippets/srht_web.conf;
}
location /query {
proxy_pass http://127.0.0.1:5106;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain; charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ include /etc/nginx/snippets/graphql.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/listssrht;
+ root /usr/lib/$python/site-packages/listssrht;
expires 30d;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
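Review bot: The CSP line kept in `location /` has no `always`, so error responses from this vhost go out without the policy, unlike the other vhosts in this commit. It is also the looser of the two removed server-level lines: the one carrying `always` limited scripts to `script-src 'self'`, whereas this one adds `'unsafe-inline'`. If the application does not need inline scripts, keep the stricter value; either way the directive should end with `always;`.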
M roles/srht/files/nginx/man.conf => roles/srht/files/nginx/man.conf +5 -6
@@ 7,23 7,22 @@ server {
include /etc/nginx/snippets/https.conf;
server_name man.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ include /etc/nginx/snippets/srht.conf;
client_max_body_size 100M;
- gzip on;
- gzip_types text/css;
-
location / {
proxy_pass http://127.0.0.1:5004;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/mansrht;
+ root /usr/lib/$python/site-packages/mansrht;
expires 30d;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
M roles/srht/files/nginx/meta.conf => roles/srht/files/nginx/meta.conf +6 -29
@@ 7,48 7,25 @@ server {
include /etc/nginx/snippets/https.conf;
server_name meta.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network" always;
-
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5000;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/metasrht;
+ root /usr/lib/$python/site-packages/metasrht;
expires 30d;
}
location /query {
proxy_pass http://127.0.0.1:5100;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain;
- charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ include /etc/nginx/snippets/graphql.conf;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
M roles/srht/files/nginx/paste.conf => roles/srht/files/nginx/paste.conf +5 -6
@@ 7,23 7,22 @@ server {
include /etc/nginx/snippets/https.conf;
server_name paste.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ include /etc/nginx/snippets/srht.conf;
client_max_body_size 10M;
- gzip on;
- gzip_types text/css;
-
location / {
proxy_pass http://127.0.0.1:5011;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/pastesrht;
+ root /usr/lib/$python/site-packages/pastesrht;
expires 30d;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
M roles/srht/files/nginx/todo.conf => roles/srht/files/nginx/todo.conf +6 -25
@@ 7,46 7,27 @@ server {
include /etc/nginx/snippets/https.conf;
server_name todo.xenrox.net;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
-
client_max_body_size 100M;
- gzip on;
- gzip_types text/css;
+ include /etc/nginx/snippets/srht.conf;
location / {
proxy_pass http://127.0.0.1:5003;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ include /etc/nginx/snippets/srht_web.conf;
}
location /query {
proxy_pass http://127.0.0.1:5103;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain;
- charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
-
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ include /etc/nginx/snippets/graphql.conf;
}
location /static {
- root /usr/lib/python3.9/site-packages/todosrht;
+ root /usr/lib/$python/site-packages/todosrht;
expires 30d;
}
location = /robots.txt {
- alias /etc/nginx/nginx.d/srht_robots.txt;
+ alias /etc/nginx/snippets/srht_robots.txt;
}
}
A roles/srht/files/srht.conf => roles/srht/files/srht.conf +4 -0
@@ 0,0 1,4 @@
+# TODO: Read IP with ansible dns and python version from installed packages
+set $python "python3.9";
+set_real_ip_from 127.0.0.0/16;
+set_real_ip_from 178.63.61.184
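Review bot: The last directive, `set_real_ip_from 178.63.61.184`, has no terminating `;` as shown, which would make `nginx -t` fail for every vhost that includes this snippet; it should read `set_real_ip_from 178.63.61.184;`. `127.0.0.0/16` also looks like a typo for the loopback range `127.0.0.0/8` (or just `127.0.0.1`). Because the location snippets set `real_ip_header X-Forwarded-For` with `real_ip_recursive on`, every address listed here can dictate the client IP nginx records. The list should therefore stay limited to proxies that overwrite that header.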
R roles/srht/files/nginx/srht_robots.txt => roles/srht/files/srht_robots.txt +0 -0
A roles/srht/files/srht_web.conf => roles/srht/files/srht_web.conf +5 -0
@@ 0,0 1,5 @@
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
M roles/srht/tasks/main.yml => roles/srht/tasks/main.yml +14 -0
@@ 194,6 194,20 @@
notify:
- restart nginx
+- name: Copy nginx snippets
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: /etc/nginx/snippets
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - graphql.conf
+ - srht.conf
+ - srht_robots.txt
+ - srht_web.conf
+ notify: restart nginx
+
- name: copy api key
ansible.builtin.template:
src: image-refresh-token.j2
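Review bot: `mode: 0755` in the new "Copy nginx snippets" task is an unquoted octal and marks plain configuration files executable; `mode: "0644"` is the usual form for files under /etc/nginx. `dest: /etc/nginx/snippets` has no trailing slash, so if the directory does not exist yet the first item is written as a regular file of that name; `dest: /etc/nginx/snippets/` makes the directory intent explicit. The following "copy api key" task continues outside the hunk.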